Please login or register.

anonimal's Kovri Full Time Development funding thread

Monero and Kovri

From crypto-currency to simple message exchange, we rely on hardened privacy systems to guarantee that our transactions are anonymous and secure.

As Monero is a leader in both privacy-aware currency and community, the logical response to Monero's anonymity question is to implement a decentralized, anonymous internet.

The solution? Kovri.

The Kovri I2P Router Project aims to integrate I2P technology into Monero to ensure that every transaction and communication meets the highest standards of anonymity possible.

The Importance of Kovri

I cannot reiterate enough the importance of Kovri as both an implementation of a viable anonymous network and as an alternative to Tor.

Tor has an annual multi-million USD budget with a multi-million number user-base. Tor is well-researched and continues to garner massive media attention. While I love Tor tremendously and will defend her with tooth and nail, at this time of writing there are two issues that concern me the most with regard to the Tor project:

  1. With new management, the current state of the project is in questionable flux: core volunteers who have been with the project since its very early years are uprooting and leaving, there are publicly known conflicts within the organization, there are many rumors (both founded and unfounded) about U.S. government infiltration
  2. Tor's Achilles's heel: authorities, consensus, and flow-based onion-routing (as current implemented in Tor): they are not truly decentralized

While the issues in point 1 may be temporary or purely tin-hat, it's unfair to both the project and the entire planet to have a majority of the world's anonymity-needs resting on the shoulders of a single project; not to mention, the mere idea is very dangerous.

The issues inherent in point 2 are not easily addressed nor may they ever be addressed. Attempting to decentralize Tor by removing Directory Authorities and other technical aspects of current Tor design would be like genetically modifying an apple to become an orange after the apple has been fully formed. As interesting as that may be, why do such a thing when one can simply eat a natural-born orange?

How Kovri will improve the I2P experience

The Java implementation of I2P is the known worldwide. It is the original implementation and standard of which all other Garlic Routing implementations have followed and continue to follow. Over the years, there have been several notable complaints about the java I2P project with the biggest being: it's in java, and it's not easily usable.

Kovri aims to address these issues by implementing I2P entirely in C++ and, in addition to providing extensive & easy-to-understand documentation, implementing user-friendly interfaces.

While it's too soon to discuss details of GUI integration, Kovri will have an easy-to-use interface integrated with Monero's GUI in addition to being a stand-alone I2P router (so you don't need Monero to use it). This will be all-around useful to both I2P and Monero as it will increase XMR transaction obfuscation while strengthening the I2P network.

How Kovri will increase Monero's market value

It's simple: more users, more trust, more value.

Kovri + RingCT technology will guarantee confidence with every transaction; ensuring that they stay private and anonymous. By integrating Kovri by default, every user will benefit from an the extra layer of I2P anonymity.

In the future, after a beta release, we plan on having Kovri 'on' by default. Until then, Kovri will be optional (though you can use the stand-alone router now).

Why I should be funded for this project

I've been with the project since before the beginning and, with the help of key contributors, led the project to its birth. I'm proud and fortunate enough to say that one year ago (soon before Kovri was born), I had told fluffypony that I would here "for the long haul" - and here I am today. I have spent all my free time over the past year on Kovri and have lost much sleep as a result - all without asking for any donations or payments in return (though I do appreciate the donations that I have received).

I've gained relationships within the Monero community and a wealth of knowledge that comes with developing an I2P implementation in C++; so there has been that reward, but I'm currently at the point where I won't be able to meaningfully contribute to Kovri unless I start to receive full-time (or at least part-time) funding.

Funding will allow me to continue to lead the project and to do what I've been doing - but much more of it.

The current state of Kovri is not in the same state as Monero. Kovri needs a lot of work in order to be brought into beta and an eventual stable release. I2P specifications do not cover every aspect I2P or implementation and the documentation itself could be rewritten in key areas to better aid developers. Since Kovri was originally forked from i2pd, much of the present code-base was poorly designed and poorly written; so this makes development more difficult than it should be (we've been able to fix many of the issues but many still remain (see the issues tracker)).

In addition to resolving bugs and missing implementation, funding will allow me to:

  • Code, code, code!
    • We have many issues that need to be fixed
    • We have many features that need to be implemented
    • I repeat: Kovri is not in the same place as Monero was when Monero was first born
  • Guarantee Kovri/Monero integration
    • Integration with monerod
    • Integration with GUI
  • Building/releasing on same platforms as Monero
    • Linux/OSX/Windows
    • i686/amd64/armv7/armv8
  • Project management
    • Ensuring that we set and meet release deadlines
    • Preparing and leading bi-weekly meetings
    • Implementing Quality Assurance
  • Address the massive amount of technical details that come with implementing I2P
    • Research improving I2P and overlay-network security
    • Crypto research/implementation
    • Creating/improving documentation
    • Contributing to existing proposals
    • Opening new proposals

...and much, much more.

To gain a sense of how development has functioned, you can:

Payout proposal

  • 5 XMR/hour
  • 1449 hours / 30 hours per week
  • 16 milestones every 90 hours
  • Total cost: 7245 XMR

The amounts posted here are motivated by current market volatility but will guarantee another year's work on the project. To work on Kovri full-time is a gamble but, like everyone else here, I believe in Monero and believe that Kovri will have a positive impact on Monero's value.

Securing Monero's future

If Kovri doesn't get more attention and development, Kovri will be Monero's weakest link. We cannot let that happen. 30 hours is not enough to make this happen, so I will have to volunteer more than that in order to meet our goals (12 hour Kovri days are not unheard of). I must reiterate that even if full-time, we need more developers in order to fullfill Kovri's vision.

Funding will also allow me to reach out to other developers, continue to aid in upstream library development/bug fixes when needed, and become more engaged with EinMByte (an experienced, invaluable core contributor), zzz (lead dev for java I2P), and the I2P community at large in order to make Kovri happen.

Everyone is welcome to visit #kovri and #kovri-dev and ask as many questions as you'd like. I'll do my best to respond quickly and informatively.

Replies: 46
anonimal edited 7 years ago Replies: 1 | Weight: 0 | Link [ - ]

3rd milestone completed

Disclaimer

Again, I've worked more hours than what I would ask to be paid for. fluffypony has asked me to not do this so I will be better about simply doing what I can during the time alotted.

I must also note that because of various personal events over the past month, I was forced to periodically stop working since the previous milestone. This should be factored into the timeframe of work completed.

3rd milestone goals

Building strong foundations. Building for project longetivity. Building relationships and community.

Summary of work completed

I'll try my best to try and summarize what's been completed since the previous milestone:

Collaboration

  • Docker work with lazygravy
  • Android NDK work with moroccanmalinois
  • Snapcraft packaging work with elopio
  • Collaboration with #OpenHours 96boards.org / preparations for livestream showcase https://github.com/monero-project/meta/issues/46
  • Kovri IRC server work with ajs
  • As usual, lots of work with pigeons for our various build environments

Repo / Project

  • HackerOne
    • Create Vulnerability Response Process
    • HackerOne work + correspondence + update VRP + update contact info
    • Officially launch on HackerOne
    • Opened FFS request + reddit for HackerOne bounty funding account
  • Inherit all of fluffypony's assigned issues (he has more important things to do!)
  • Documentation updates
    • add snapcraft + tunnels setup + basic opsec documentation to user-guide
    • add eepsite registration process to user-guide
    • add Base64 + links to user-guide tunnel setup
    • various other updates to build instructions, FAQ, and contributing guide
  • Project public relations review/cleanup: remove quitter account, etc.
  • kovri-relay maintenance (now relays to #monero-otc and #monero-pools on freenode)
  • Website: initialize anonimal/kovri-site + add legal files
  • Various Reseed + SSL + cert updates and maintenance
  • Regular live testing on all supported platforms
  • PR review for all contributors
  • Mentoring/education when called upon by fellow contributors
    • support for #kovri/#kovri-dev
    • guzzi FFS progress report review and feedback

Code

  • Create/implement new exception dispatcher
  • Feature: write client/server local base32/base64's to text file(s) + improve private keys impl
  • Refactor + cleanup Makefile
  • Crypto++ 5.6.5 post-tag master branch research, update submodule for fixes/features
  • Coverity maintenance (devops + code)
  • Build: implement version handling with CMake + update definitions
  • Learn all clang-format options, implement new style + docs, add cpplint filter
  • Debug + fix filesystem-related for #519/#520
  • Fix NetDb/RouterProfile loading/saving/deleting implementation
    • Fixes impl on case-insensitive filesystems (OSX/Windows)
    • Related refactoring + impl cleanup
  • Resolve clang build warnings for binary and tests
  • TunnelBase: fix datatype/impl for creation time + related refactoring
  • Review + fix MoroccanMalinois' HTTP client PR and utility binary PR's
  • Cherry-pick monero-project/meta#36 monero-project/meta#50 + move to Kovri repo + more development on installer/packager
  • More NTCP work, fixes + refactoring / spec review

Build / Packaging

  • Introduce DragonFly BSD support
  • Introduce OpenBSD support
  • Debugged + fixed FreeBSD static build due to system update issue
  • Fix snapcraft build
  • AUR research
  • Introduce + develop/fix new installers / packager for nightly builds on all supported platforms
    • Packager works on Linux/OS/MSYS2/and all supported BSD's
    • Installer works on all supported platforms
    • Add install/uninstall to Makefile and installer
    • Related improvements/fixes
    • Finalize nightly builds!

Monero

  • dns_utils: fix infinite recursion when distributing empty dns_urls
  • Minor code fix/review for 0.10.2 release, other contributions/collaboration
  • Resolve open issues (ones I opened)
  • Minor updates to monero README and monero-site contributor's page
  • Update monero AUR package, debug failed serialization unit-test

Research

  • Monero GUI + Qt research for Kovri
  • Preliminary LMDB/lmdb++ research

...and more! Please review git-log, the monero-project/kovri and monero-project/meta repo issue tracker for more details

Note: the Alpha release will be here soon :)

Reply to: anonimal
lethos3 posted 7 years ago Weight: 0 | Link [ - ]

great job anonimal, thanks for the updates.

anonimal edited 7 years ago Replies: 1 | Weight: 0 | Link [ - ]

8th milestone completed

Preface

September 19th through November 7th: this milestone covers (yes, coincidentally) ~146.33 billable hours. Actual kovri at-desk time spent exceeds those hours - closer to double (though I was forced to AFK for a week and took other time off).

Summary of work completed

R&D

  • Preliminary API development
    • PoC in kovri-util binary and Boost.Python wrapper
  • Testnet development
  • Kovri in Rust research
  • Tor code/spec research
  • Shadow plugin research
  • A big NTCP phaser/message/session rewrite still sitting in my local branch (WIP, not yet pushed)
  • Related research for respective areas of development and a fair amount of internal + dependency library research for the various areas/reasons as noted throughout this milestone
  • Other kovri code development and related research
  • ...and more.

Collaboration

In no particular order:

  • New contributor selsta, IRC + PR collab
  • New contributor edavinci, IRC collab
  • #monero-dev moneromooo and hyc collab for API
  • Private collab with sarang for kovri
  • #monero-research-lab collaboration
  • Finalization of kovri script + preliminary recording in #promo-video with savandra, scoobybejesus, sgp, et al.
  • msvb-lab (Michael) hardware wallet project collab
  • HackerOne monero repo collab/report management (though no kovri reports yet)
  • #monero-vrp and internal collaboration
  • Crypto++ development with noloader (Jeff)
  • rehrar (deserves his own line)
  • sgp (University research related)
  • serhack for check.kovri.i2p
  • ercicione and others for translations
  • Backend collab with pigeons and ajs for irc.kovri.i2p
  • as usual, backend build development with pigeons
  • Boost.Beast (Vinnie)
  • ...and more.

General

  • Monero-project + kovri/kovri dependencies Issue/PR review
  • Non-dependency repos contributed/PR'd to:
    • alvinjoelsantos/promo-video (kovri script)
    • kovri-site
    • kovri-docs
    • meta
    • monero
  • /r/Kovri
  • Kovri-related in /r/Monero
  • Kovri social media
  • FFS review/collab
  • Kovri-related email
  • Arch AUR monero package and related monero debugging/development
  • Detailed invoice timetracking (can't paste here, folks!)
  • ...and more.

Notes

  • See git-log for details

  • I have detailed, down to the second, time-tracking of all my work; complete with detailed descriptions of every activity. Because of privacy concerns, I'm reluctant to ever post this information publicly but will make them available to members of the core team upon request

  • For GitHub-recorded details (commits, pull requests, issues, discussions, etc.), see my activity page: https://github.com/anonimal. Other useful information may also be on twitter: @0x914409F1

Reply to: anonimal
anonimal posted 7 years ago Weight: 0 | Link [ - ]

Note: alvinjoelsantos/promo-video (kovri script), as a big portion of the kovri script collaboration, was supposed to be added to section General. Updated.

anonimal edited 7 years ago Weight: 0 | Link [ - ]

6th milestone completed

Preface

June 23rd through August 5th: this milestone covers 105 billable hours (does not include all my time working toward this project) and also covers ~2 weeks prep/travel/doing/wrap-up of Kovri promotion at DefCon25 + the Monero L.A. meetup. The promotion work is not officially covered by this FFS proposal though I've included it in this milestone because it's what I've also been busy with but I am not billing for the promotion work.

In the future, I would like to include any in-person promotion work to my FFS since fluffypony is, to my knowledge, the only other IRL person doing such consistent work with enough kovri/i2p knowledge to boot. If the community wishes not to fund me for promotion work through this FFS, then I will open up new FFS proposals as needed. Note: IRL promotion work was not originally included in this FFS because I was completely anon but, as of July 29th, 2017, I began formally de-anoning for various reasons - the biggest reason being to better facilitate project awareness.

Summary of work completed

Note: I have detailed, down to the second, time-tracking of all my work (via Kimai), complete with detailed descriptions of every activity (141 entries for this milestone). I'm reluctant to ever post these timesheets publicly because of privacy concerns but I will make them available to the core team upon request.

  • Code/Project collaboration/PR review/Mentoring of MoroccanMalinois, rehrar and other contributors
  • kovri-site + kovri-docs + meta + monero development
  • Testnet development, new Win installers, code R&D for MM's PR's
  • All the usual work that comes with leading this project (providing support, leading meetings, project management, etc.)

For GitHub-recorded details (commits, pull requests, issues, discussions, etc.) see my activity page: https://github.com/anonimal

anonimal posted 6 years ago Weight: 0 | Link [ - ]

Milestone 11 includes a consolidated ~176 hours of billable time (as usual, I've donated many more hours than what I've billed because I'm picky about what I bill). This milestone covers the dates 03-14-2018 through 04-06-2018, 04-13-2018 through 05-01-2018, and 05-07-2018 through 06-12-2018

The majority of time spent during this milestone became devoted to mentoring/developer training (see pull requests + IRC), collaboration, and project development. Project development includes upcoming DefCon 26 BCOS Privacy Village preparations of which I'll be speaking/presenting. I will also be going as part of the Monero DefCon Team (as well as beginning preparations for IncognitoCon 2018 in September). This milestone did not provide me with the desired time for kovri code and research that I had hoped for, but the alpha release is still scheduled for DefCon 26.

Code

Newest to oldest, not including merge commits (of PRs I've reviewed or my own PRs):

6968d6c7 CMake: remove optional lib build
6ec3f9af Repo: update copyright dates + bump kovri-docs
4778a64a Repo: update guide name in GitHub templates
3e68f8a3 Contrib: change default Dockerfile repo name
3f479c2e README: update quickstart + make/install
b2f5f7d3 README: add links to user/developer guide
60d6c8af Docs: bump kovri-docs to e21aaa8
91233a00 README: reorg/cleanup nightly table
30d08272 README: add build table + condensed instructions
a053f772 Util: fix bad anycast in routerinfo
57bdc934 Kovri: bump latest version for Alpine Dockerfiles
1967f947 Testnet: add clang to Arch Dockerfile
a16f0ceb Kovri: boost.program_options bool option overhaul
8902e666 Util: fix cpuid impl unused parameter warning
fcf2119d I2PControl: add virtual dtor to abstract class
2cdf0660 Kovri: comply with CERT secure coding rule ERR53-CPP
824ffa63 UPnP: fix missing field initializer warning
075a0a27 Config: fix unused parameter warning
2a514fea TunnelPool: fix comparator functor for gcc8 build
16548fdb README: update macOS static build link
c2a2c02d Build: use kovri branch for cpp-netlib
28d5134e Transports: don't reuse DH keypairs
80b680b3 Filesystem: clarify FileStream read/write docs
cd082fa2 Util: fix args minimum count
8b815d9c Build: enable verbose CMake build
baf81e0a Build: add deps cmake + only support in-tree miniupnp
3dcf5d6b Build: update miniupnp cmake find
b7952155 Build: add miniupnp submodule
4e56ba82 Build: bump cryptopp to CRYPTOPP_7_0_0
af6b9b41 README: update OSX static build link
7310a1fd HTTPProxy: patch message request for unit-test
b32ad557 Tests: rewrite HTTP Proxy unit-test
986c33e7 Kovri: disallow simultaneous disabling of both transports
d3675a5f Util: allow disabling of transports

--- WIP in branch 'bandcaps' (my fork)
b629dcfe Util: use new bandwidth setter for routerinfo
c044f91b Core: implement custom RI bandwidth / bandcaps
16a6e6b4 Tests: add RouterInfo caps unit-test
55a1c542 RouterInfo: new caps implementation
---

Repos

Kovri (includes patches/fixes I've given while mentoring/reviewing)

Kovri Docs

Kovri Site

Meta

Dependencies

Monero

Required by the community but UNBILLED

Research

In addition to the usual research and code review required for development (including library research, I2P spec/impl, and proposal review):

Collaboration

VRP related

Community

Last but not least

  • Buildbot backend collaboration + maintaining non-buildbot build backend environment
  • Kovri-related emails + email lists for monero/kovri dependencies + security advisories
  • Maintaining Coverity build
  • Write Milestone #11 report

Notes

  • Please, feel free to look closely at every noted pull request and issue as much effort goes into Kovri development (also see git-log for details)
  • I have detailed, down to the second, time-tracking of all my work; complete with detailed descriptions of every activity. Because of privacy concerns, I'm reluctant to ever post this information publicly but will make them available to members of the core team upon request
  • For GitHub-recorded details (commits, pull requests, issues, discussions, etc.), see my activity page: https://github.com/anonimal
  • Other useful information may also be on twitter:
jhongalt edited 7 years ago Replies: 1 | Weight: 0 | Link [ - ]

It seems that the R&D sections are focused on research rather than development. Was there a major C++ implementation feat accomplished in the last milestones?

Regarding the NTCP rewrite in your local branch, it seems that there are < 10 code changes and only in one NTCP file: Session.cc

Reply to: jhongalt
anonimal posted 6 years ago Weight: 0 | Link [ - ]

>It seems that the R&D sections are focused on research rather than development.Was there a major C++ implementation feat accomplished in the last milestones?

I'm afraid you're mistaken; they are mutually exclusive. See github for details.

>Regarding the NTCP rewrite in your local branch, it seems that there are < 10 code changes and only in one NTCP file: Session.cc

As was already noted in the milestone "sitting in my local branch (WIP, not yet pushed)". The work will eventually be pushed but there are other priorities at the moment. At currently ~172 hours for the 9th milestone, you'll find out what and why soon enough.

anonimal edited 6 years ago Weight: 0 | Link [ - ]

9th milestone completed

For this milestone, you receive a 2.27-milestones-for-the-price-of-1-milestone special at 204.5 billable hours (actual ass-in-seat computer time was closer ~280): November 8th, 2017 through January 20th, 2018 with the exception of several weeks not working because of holidays and a holiday illness.

As you’ll notice, there are still a majority of non-code items logged. During this milestone, rehrar has been assisting me with project management ¼th time and he’s been very helpful but we’re glad that he’s now working ½th time - so this will give me more time to code for the next milestone. We need more people on-deck. Monero has many hands on board and kovri still only sees a fraction of that contributor-base. The more people on-board means I spend less time managing the project and more time coding.

This milestone saw not one but two i2pd 0days. I have never been a fan of i2pd. Before we forked, I had voted to not fork but instead start from scratch because of the terrible state of i2pd code. I was outvoted by the community (yay democracy) and here we are now.

If you're ever wondering "why hasn't kovri been integrated yet", my response is plainly: "i2pd 0day count = I lost track after 7. Kovri (non-i2pd) 0day count = 0." Kovri is certainly not immune to 0days, but it's important to note that producing anything worthwhile will be time-consuming. With that said, I've put my foot down and am moving with the intent to remove all i2pd code - period. All i2pd code must go - period. Doing so will be the biggest time-consumer for the remaining milestones but everything in the original proposal can still be achieved - to some degree.

Now, moving on, I encourage you to look closely at every noted pull request and issue - as much effort goes into Kovri development.

Code

This code section includes all necessary code related research (including java I2P review), spec review, related kovri code review for aforementioned kovri repo issues/pull requests and documented commits + related building/testing/debugging.

Notable Kovri pull requests/issues (this list may be incomplete, please see github for details):

  • #696, #711, #747, #748, #749, #750, #751, #754, #755, #757, #758, #759, #760, #761, #767, #769, #771, #772, #773, #774, #775, #776, #777, #778, #779, #780, #784, #785, #786, #788, #789, #791

A brief summary of commits most recent to eldest (as noted throughout the aforementioned pull requests):

- Crypto: finish removing DSA/ECDSA from ca04ff4 (branch remove-signatures, see #755)
- Crypto: finish removing RSA from ca04ff4 (branch remove-signatures, see #755)
- Kovri: new base32/64 impl / radix interface / unit-test 
- Build: optional kovri-util, disable by default 
- Filesystem: path getter refactor 
- HTTP: log warning when not using HTTPS 
- Kovri: clarify HTTPS nomenclature 
- Core: invert SU3 verification config logic 
- Installer: use Inno Setup on win `make install` 
- ByteStream: I/O reader/writer/endian rewrite                                                                                                                                                                    
- Streaming: fix overflow if large sig is included                                                                                                                                                                
- Garlic: refactor clove over-read check + add TODOs                                                                                                                                                              
- Garlic: add check for potential clove buffer over-read                                                                                                                                                          
- NetDb: fix logging of peer hash count for DatabaseSearchReply                                                                                                                                                   
- Core: default RI opts setter + remove deprecation                                                                                                                                                               
- Core: rewrite RI address add'er                                                                                                                                                                                 
- Core: context/RI trait and state refactor                                                                                                                                                                       
- Core: fix description logging of SSU address key                                                                                                                                                                
- Core: new RI ctor + fixes + WIP context init rewrite                                                                                                                                                            
- Core: don't use interface for context initialization                                                                                                                                                            
- Core: return uint64_t for router uptime                                                                                                                                                                         
- Core: WIP rewrite of router initialization                                                                                                                                                                      
- Core: initial rewrite of router initialization                                                                                                                                                                  
- Core: refactor context into core namespace                                                                                                                                                                      
- Boost.Python: add kovri python example 
- Boost.Python: implement core/client wrappers + utils 
- Testnet: fix path for kovri bash completion 
- Repo: contrib cleanup 
- CMake: extend Boost.Python detection beyond Arch Linux

Misc. related:

Research/Review

In addition to, and a few clarifications to, the research/review required in the Code section:

  • Boost.Python docs + exposing classes + research/test boost.python inheritance wrappers + research for using c++ reference object without wrapper (if possible, TBD)
  • Boost.Python unique_ptr handling + various wrapper strategies and design considerations for API refactor
  • Boost.Variant issue and to not downcast from uint64_t in i2pcontrol's reporting of uptime (insignificant, even for i2pcontrol). A real fix (which isn't needed for some boost versions) requires interface and implementation rewriting (not worth the trouble)
  • All things garlic and I2NP + review/document/log/debug/test/verify/challenge https://hackerone.com/reports/291489
    • code review of garlic AES unencrypted block handling
    • core review for all things tunnel and I2NP message + creation
    • spec review tunnel message / garlic / message encryption
    • spec review tunnel creation + complete ElG/AES spec review
    • code review: all things garlic + finding/reviewing garlic payload len calculations before AES encryption
    • code review: all garlic size 2 byte creations for all message types
  • Client local destination as related to ed25519 keysig
  • Complete java i2p doc/spec review for all things related to how we can effectively remove DSA + add TODO regarding caveat for ed25519 endian + review common-structures.rst/SigningPublicKey.java/KeyCertificate.java/Ed25519LittleEndianEncoding.java
  • Review NTCP and AES of str4d's "Ire" Rust rewrite of java I2P
  • Surae's space-time tradeoff RTRS paper
  • Panoramix
  • ZeroMQ + azmq + the 4 message patterns in detail + curvezmq as related to https://github.com/monero-project/kovri/issues/53#issuecomment-352481462
  • Upfiring whitepaper as related to kovri (answering the question of potential use-case)
  • IntenseCoin "whitepaper" ICO proposal review + #kovri discussion about its various holes
  • May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519
  • Radix systems and schemes
  • Crypto++'s TweetNaCl: https://github.com/weidai11/cryptopp/pull/566

Collaboration

  • #kovri/#kovri-dev/#monero-dev/#monero-research-lab support and collaboration
  • rehrar
    • All things related to developer search
    • Review/comment his FFS milestones for assistant project management + collborate to create his Q1 2018 proposal
    • Promotion discussions
    • FFS formalization development
    • Etherpad collaboration
    • Website review/collab
    • Review/ACK/NACK https://github.com/rehrar/meta/pull/1#pullrequestreview-85446779
    • FLOSS-weekly review (to do or not to do)?
  • Mentoring selsta and oneiric
  • New developer "wqking", help him get familiar with kovri and started on various issues
  • Surae's/sarang's FFS review as related to kovri + #monero-research-lab PRNG discussion
  • supercop with vtnerd + fork monero-project/supercop + NACK monero-project/supercop#1 (we currently use ref10 from supercop)
  • pigeons backend collaboration
  • noloader (Jeff Walton): primarily email collaboration but also https://github.com/weidai11/cryptopp/issues/562 and https://github.com/weidai11/cryptopp/issues/561
  • Derek@OSTIF + answer list of questions/email + new potential dev "Alex"
  • cont. private message / collab with Derek at OSTIF re: kovri dev and potential new kovri developers
  • Review/comment on CryptoVirus’s https://github.com/MissMiner/kovristuff/wiki/Kovri-start-up-sequence
  • #monero-vrp
  • #monero-research-lab
  • #monero-translations
  • NACK promo-video/#35

Reviewed/merged kovri-docs/kovri-site:

General

This milestone saw a significant increase in HackerOne/#monero-vrp responsibilities. As a member of the response team, collaboration with the team to resolve all monero related reports + continue to develop VRP is of paramount importance to kovri development.

Additional general work includes:

  • Repo maintainer for kovri/kovri-docs/kovri-site and all applicable issue/PR development, reviews, and merges (including those that I’ve opened/closed), milestone up-keep, and all applicable code. See github for details.
  • Email related to kovri development and kovri dependencies + various related mailing lists
  • Ubuntu64 private build/test machine backend updating/rebooting/setting back up + Win64 update/install win64 tor/sshd service
  • build.getmonero.org build machine maintenance (repo related on personal account)
  • Reddit r/Kovri and kovri-related r/Monero anonimal_0x914409F1 and twitter.com/getkovri
  • Issue review and PR review on a regular basis of monero/research-lab/kovri + related dependencies
  • Write Milestone #8 report (writing this report will be billed to milestone #10)

Notable meta pulls/issues (this list may be incomplete, see github for details):

  • #83, #142, #144, #146, #152, #153, #154, #163

Misc. related:

  • Other activities (un-billed) include: Monero AUR, monero/#2774, monero-forum/#46

Notes

  • See git-log for details
  • I have detailed, down to the second, time-tracking of all my work; complete with detailed descriptions of every activity. Because of privacy concerns, I'm reluctant to ever post this information publicly but will make them available to members of the core team upon request
  • For GitHub-recorded details (commits, pull requests, issues, discussions, etc.), see my activity page: https://github.com/anonimal. Other useful information may also be on twitter: @0x914409F1
anonimal edited 7 years ago Weight: 0 | Link [ - ]

2nd milestone completed. As usual, I've worked more than paid hours but, because of several blocking upstream issues (and me not satisfied with where we were by the time the hours were completed), I've held out until now (also, holidays etc.). Ideally I wanted to announce an alpha release but new issue after new issue kept piling up to the point where we're still only inches away from nightly releases.

Stay tuned for nightly releases and the alpha release (nightlies will be ready very soon, alpha will be available soon'ish).

Some highlights of work completed:

  • Kovri bug fixes, new features, improvements, and issue resolution (all visible on GitHub)
  • App/Client: fixes + features + unit-tests + refactoring + documentation
  • Client/Tunnels config features + fixes + refactoring
  • Crypto work + fix dangerous crypto rand implementation
  • New logging implementation
  • Address Book development
  • Core tunnel development
  • NTCP development (ongoing in my fork)
  • Strengthen HTTPS client's cipher usage/TLS version
  • Active kovri run-time testing on all platforms for all development
  • Fix + finalize fully static builds for all platforms (this included static OpenSSL which had various upstream CMake issues to tackle before this was resolved)
  • Upstream dependencies development (cpp-netlib fix/dev feature, CMake)
  • Monero development (discovered security issue with static release builds and libunbound: Monero didn't adjust for OpenSSL releases/hotfixes)
  • Meta repo work for Monero and Kovri / project management
  • Mentoring/education + much #kovri/#kovri-dev support: visible on GitHub and IRC
  • Salti development, discussion
  • Setting up kovri-relay for when fluffypony couldn't manage i2p-relay because of traveling. kovri-relay now relays OFTC to Irc2P/Freenode
  • Kovri platform packaging research and testing (including Windows)
  • API research for Kovri
  • Working with nm90 on /r/Kovri
  • Various kovri repo work (submodule/deps, new reseed servers, docs, issue maintenance, etc.)
  • Other (minor) Monero development (monero, monero-forum, monero-site)
  • More...

Note: I don't know why my previous post says "1 month ago" when that was almost 2 months ago (forum rounds down?).

anonimal posted 8 years ago Weight: 0 | Link [ - ]

Hello again,

The first milestone was reached last week but I've delayed a payout because of the amount of non-code work that needed to be resolved first (and I wanted to feel more comfortable with where we stood before moving onto the next milestone).

Complete progress summaries of the first milestone are posted at the beginning of the following meetings logs (not including work done in late October):

Summary on 2016-11-13

Summary on 2016-11-27

My many thanks to everyone for your continued support! All of you certainly makes the experience more enjoyable :)

anonimal edited 6 years ago Weight: 0 | Link [ - ]

Milestone 10 includes another 2-for-1 special of ~181 hours of billable time (as usual, more project time spent than billed because I'm picky about what I bill). The milestone covers the dates January 21st, 2018 through March 10th, 2018.

What I was most excited about for this milestone was that, for quite possibly the first time in this FFS proposal's history, I was able to spend a vast majority of time on actual code development. This brings me great joy because only at this pace will we be able to achieve what we want before this FFS proposal is finished (until now, I've had to devote a majority of my time to project development in order to get the project up and running).

Code

Newest to oldest, not including merge commits (of PRs I've reviewed or my own PRs):

05af5a90 Kovri: bump I2P router version to 0.9.28
4a10adfd ElGamalEncryption: ensure first byte is random (non-zero)
3636e065 Tunnel: reduce default VTBM records from 5 to 4
205f2840 Kovri: increase IPv6 MTU
418fc6de Kovri: bump I2P router version to 0.9.27
f9e47c41 SSU: implement IPv6 peer testing
3e4effe7 SSUSession: get intro key from IPv6 capable routers
614fccdb Core: move bytes-to-asio address creator to util
dca3b2b9 Tag: use unsigned type for size
61576296 Tag: static assertion for null buffer size
507b888f Tag: zero-initialize un-initialized union buffer
c25c05c5 Tag: remove un-needed copy ctors + assignment overloads
f92bbd62 Tag: move from Identity to util + use std lib defs
31b4d237 ByteStream: const cleanup + remove unused member
8574d9e0 Reseed: update netdb.i2p2.no TLS cert
ce67dd8f SSUSession: always create header IV internally
4506cf39 SSUSession: process RelayIntro refactor + docs
e49b2970 SSUPacket: ensure valid IP address sizes + fix tests
2ef29bb8 SSUHeader: set appropriate ext-options size type
2a00c964 SSUPacketParser: mitigate fragment size buffer overflow
2b86a6f8 SSUSession: re-throw after parsing bad messages
afd8bdff SSUSession: send SessionRequest refactor + docs
aca0db62 SSUSession: rewrite encrypted message processor
f646ff71 SSUSession: create signed-data size calculation getter
de28be76 SSUSession: send SessionConfirmed rewrite + docs
fb184929 SSUSession: send SessionCreated rewrite + docs
fe3f5d5e SSUSession: received SessionCreated rewrite + docs
b8fe8362 README: update contact email
1e813e52 Contrib: update PGP key anonimal.asc (add email address)
d7176597 Build: bump cryptopp to CRYPTOPP_6_1_0
6de8c7b4 Docs: bump kovri-docs to 86df090
eb45e881 SSUSession: send keep-alive bytestream refactor + docs
0bfa913e SSUSession: send SessionDestroyed bytestream refactor + docs
3290a378 SSUSession: send PeerTest bytestream refactor + docs
42bf6605 SSUSession: send RelayIntro bytestream refactor + docs
61b641fe SSUSession: send RelayResponse bytestream refactor + docs
deb97ad2 SSUSession: send RelayRequest bytestream refactor + docs
fd678756 OutputByteStream: add non-const data pointer getter + test-case
6f4e0c7c ByteStream: calculate size from length plus counter
b3e3c688 ByteStream: add base input interface + internal vector buffer
9fe1653e SSUSession: fix invalid writing of null padding
8e6989ac ByteStream: add asserts + more exception handling
cd34ff13 CMake: fix incorrect setting of C release flags
b215ba6b ByteStream: add new byte skipping interfaces/impls
23871a18 ByteStream: add buffer-less ctor for container-like stream + test-case
92c1d515 ByteStream: rename advancing function as appropriate
7928c3e7 SSU: remove all calls to get enum underlying type
77e3a1d6 SSU: remove packet/data scoped enumerations
7f5f51b6 Kovri: replace glic endian conversion with boost.endian
944264dc Kovri: finish the removal of i2pd's endian impl
7a12f4ee Kovri: implement big/native-endian bytestream write
dea57f7d ByteStream: implement optional endian conversion
b988ea7a InputByteStream: add docs to readers
9a301888 OutputByteStream: add write wrapper + static writer
ffb2fff5 Kovri: implement native-endian bytestream read
28099728 ByteStream: simplify boost address to vector impl
df947280 ByteStream: virtual dtors for I/O base cases + explicit ctors
889f3edb ByteStream: implement I/O base class + related I/O refactor
3d704a1c ClientDestination: implement bytestream in Data message handler
f0c8acd1 InputByteStream: add read wrapper + static reader
65cdc733 InputByteStream: add new getters/members
7900b7e3 ByteStream: cpplint/clang-format/style check-in
5d421dd2 ByteStream: fix copyright dates
6a6ffcd7 Radix: re-implement unrolled decoding tables
07f4ebe3 Radix: throw length error, not runtime, when decoding
22113837 README: remove repos, merge docs/dev into single section
2c6b4758 README: merge support with contact + add/remove entries
cfa37da0 Build: bump cryptopp to 96bc82f
00347000 CMake: add NDEBUG flag for release builds

Repos

Kovri

Kovri Docs

For this milestone, mostly as collaborative repo maintainer:

Kovri Site

For this milestone, mostly as collaborative repo maintainer:

Meta

Misc.

Research

In addition to the usual research and code review required for development (including library research, I2P spec/impl, and proposal review):

Collaboration

  • VRP team, much #monero-vrp collaboration
  • HackerOne report collab (this list is incomplete, see hackerone.com/monero): #303390 #304770 #321213
  • The usual support and collab in #kovri / #kovri-dev / #monero-dev / #monero-research-lab / #monero-translations
  • The usual suspects: moneromoo (VRP related), surae, sarang, rehrar (project + dev search + Revuo collab), coneiric (mostly mentoring), pigeons, fluffypony, brbzull (new contributor), Jeff @ crypto++ (collab), and others
  • /r/Kovri, /r/Monero kovri-related
  • Twitter @getkovri (with rehrar)

Last but not least

  • Maintaining Coverity build
  • Maintaining non-buildbot build backend env
  • Write Milestone #9 report
  • Write Milestone #10 report

Unbilled

Notes

  • Please, feel free to look closely at every noted pull request and issue as much effort goes into Kovri development (also see git-log for details)
  • I have detailed, down to the second, time-tracking of all my work; complete with detailed descriptions of every activity. Because of privacy concerns, I'm reluctant to ever post this information publicly but will make them available to members of the core team upon request
  • For GitHub-recorded details (commits, pull requests, issues, discussions, etc.), see my activity page: https://github.com/anonimal
  • Other useful information may also be on twitter: @getkovri @0x914409F1
anonimal posted 8 years ago Weight: 0 | Link [ - ]

Hi everyone, just for the record, I'm donating 45.6 XMR of which will be taken out of my milestones and given to the Monero dev fund. This will even-out the oddness/spillage of payouts and will help fund other great Monero projects.

anonimal edited 6 years ago Weight: 0 | Link [ - ]

Milestone 13 includes ~336 billed hours from the dates 2018-07-27 to 2018-08-15, and 2018-08-29 to 2018-09-29. As usual, I've donated more hours than what I've billed.

To write the usual detailed report for this many hours is futile. Instead, I will summarize because my proof of work is well-known within the community:

  • Defcon 26 kovri workshop preparation + completion + related village activites/collaboration (videos to be released, also includes collaboration with Sean)
  • L.A. Monero Meetup Kovri talk preparation + completion (video here)
  • ShellCon kovri collaboration + networking and brief talk participation (off camera)
  • Kovri Project independence! WIP for new everything as stated (partially) here because of this, this, this, this, and moooooore...
  • Building and nurturing the new team, including two new personnel:
    • Luke is our new devops/web front/backend developer. We've done an incredible amount of collaboration together this milestone
      • New web backend/hosting and domains
      • WIP CI/CD development
    • MermaidNets (Sonia) is our new business development / marketing / sales specialist who is currently in training for privacy/anonymity
      • IRL and online collaboration
      • She's current in training with myself and Diego
  • Project development and code-related project development
    • IRL and new backend infrastructure (including build)
      • Includes new CI + building a new, more permanent, CI/CD
    • Building a new funding model
    • Building a new outreach model
    • Building new and existing relationships
  • Code development
  • See also our new Slack at kovri-project which I maintain (as well as the relay bot). For Project development, visit the #kovri-meta channel

This is all needed so Kovri Project can not only survive - but also thrive. The remaining portions of this FFS, like integration, are all continuing as planned.

Required by the community but UNBILLED

VRP related

  • I'm still leading Monero's VRP team and keep busy with related development including Coverity backend, report review handling, and all that comes with the job. CURRENTLY NOT BILLED.
  • Visit https://hackerone.com/monero and https://reddit.com/r/monero for my related activity regarding public disclosure (search "SECURITY ADVISORY" on r/monero)

Notes